Chapter 2. Business Central Configuration

The access control mechanism includes authorization and authentication. In the unified environment of Red Hat JBoss BPM Suite, users are able to update the default user roles located within $JBOSS_HOME/standalone/deployments/business-central.war/WEB-INF/classes/userinfo.properties.

To grant a user access to JBoss BPM Suite, the user needs to have the respective role assigned:

If using Red Hat JBoss EAP, to create a user with particular roles, run the $JBOSS_HOME/add-user.sh script and create an Application User in the ApplicationRealm with the respectives roles.

Within Red Hat JBoss BPM Suite, users may set up roles using LDAP to modify existing roles. Users may modify the roles in the workbench configuration to ensure the unique LDAP based roles conform to enterprise standards by editing the deployments directory located at $JBOSS_HOME/standalone/deployments/business-central.war/WEB-INF/classes/workbench-policy.propeties.

If authenticating user via LDAP over GIT, administrators must set system property org.uberfire.domain to the name of login module it should use to authenticate users via the GIT service. This must be set in the standalone.xml file in EAP.

Every Task that needs to be executed is assigned to one or multiple roles or groups, so that any user with the given role or the given group assigned can claim the Task instance and execute it. Tasks can also be assigned to one or multiple users directly. JBoss BPM Suite uses the UserGroupCallback interface to assign tasks to user.